Product Description==============================================================================="Acunetix is the leading web vulnerability scanner used by serious fortune 500 companies and widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology. It automatically crawls your websites and performs black box AND grey box hacking techniques which finds dangerous vulnerabilities that can compromise your website and data.

Vulnerability 1: Local Privilege Escalation through Unsecured Database Server===============================================================================Acunetix WVS uses a PostgreSQL database in the backend to store all its data. However, because of the disabled authentication for local connections and cleartext credentials within a user readable configuration file, it was possible to gain full control over this database. As the database's Windows service was also configured to run as LOCAL SYSTEM, this could be abused to drop arbitrary file. As documented in the full report, this could further be exploited (using sqlmap) to gain full control over the affected target system.

Full Details: https://bogner.sh/2017/05/another-local-privilege-escalation-in-acunetix-11/

Vulnerability 2: Local Privilege Escalation through DLL Sideloading ===============================================================================Additionally a DLL sideloading vulnerability was discovered in the Acunetix Windows service. As this service was also configured to run as LOCAL SYSTEM, it could also be abused to gain full control over the target.

Full Details: https://bogner.sh/2017/05/local-privilege-escalation-in-acunetix-11/

Suggested Solution===============================================================================Update to the latest version.

Disclosure Timeline===============================================================================5.1.2017: The issues have been documented and reported6.1.2017: The issues have already been escalated to R&D31.3.2017: Asked for update4.4.2017: Fixed version (build 11.0.170941159) has been released28.5.2017: Public disclosure